Expand my Community achievements bar.

SOLVED

Attaching a header to the Oauth Token endpoint responses

Avatar

Level 1

Hey there,

 

I'm trying to get AEM to append a content-type header to the response of /oauth/token, as the remote server posting a token is expecting the application/json type back. I'm currently trying to use filters to achieve this, and I can get a filter to activate on pretty much every request EXCEPT the /oauth/token endpoint. Is there a way I could get the filter to activate on that endpoint, or a better way to go about this? Thanks!

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi,

 

You should check if this /oauth/token request is handled by Sling or outside of Sling. If you already tried using a (Sling) Filter to modify the response, this servlet is probably registered outside of Sling. To check that please go to http://localhost:4502/system/console/httpservice and check if there's a servlet registered to /oauth/token. If yes, then you need to register you filter to the OSGI http whiteboard. And example for such a filter is https://github.com/apache/sling-org-apache-sling-i18n/blob/master/src/main/java/org/apache/sling/i18...

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @candersen_hoodoo,

 

I am not sure what is your end to end scenario, but I have used OAUTH in couple of integrations and we never had to modify the response of oauth/token endpoint for a successful communication.

 

You can go through couple of blogs below, these might help!!

https://labs.tadigital.com/index.php/2017/08/18/aem-as-oauth-server-part-1-setting-up-scopes/

https://labs.tadigital.com/index.php/2017/09/06/aem-as-oauth-server-part-2-testing-oauth/

 

If this doesn't help. Can you please explain your scenario in a bit detail.

 

Avatar

Level 1

Hi @ChitraMadan ,

I'm currently interfacing with a pre-built solution on the other side. When we send the final token response back in AEM after they POST to /oauth/token, we aren't sending any information on the response about the formatting, so the other side casts it to an octet-stream, which causes it to break as it is expecting application/json. I just need to add on that information so that the server on the other side reads the data correctly. If there's no good solution for this, we could ask our vendor to fix it, but that would be much more time consuming than filtering a header onto the response.

Avatar

Community Advisor

Yes, you can filter the request by using sling filters
e,g. filter will betriggered only for /libs/cq/i18n/dict.* paths.

 

@component(service = Filter.class, property = {
		Constants.SERVICE_DESCRIPTION + "= Filter incoming CRXDE requests and redirect to new home page",
		EngineConstants.SLING_FILTER_SCOPE + "=" + EngineConstants.FILTER_SCOPE_REQUEST,
		EngineConstants.SLING_FILTER_PATTERN + "=/libs/cq/i18n/dict.*",
		"sling.filter.methods=" + HttpConstants.METHOD_GET, //EngineConstants.SLING_FILTER_METHODS + "=" + HttpConstants.METHOD_GET,
		Constants.SERVICE_RANKING + "=-701"

})

  



Arun Patidar

Avatar

Correct answer by
Employee Advisor

Hi,

 

You should check if this /oauth/token request is handled by Sling or outside of Sling. If you already tried using a (Sling) Filter to modify the response, this servlet is probably registered outside of Sling. To check that please go to http://localhost:4502/system/console/httpservice and check if there's a servlet registered to /oauth/token. If yes, then you need to register you filter to the OSGI http whiteboard. And example for such a filter is https://github.com/apache/sling-org-apache-sling-i18n/blob/master/src/main/java/org/apache/sling/i18...

Avatar

Community Advisor

Another option to try if the request is routed via dispatcher(Apache) - Force the content-type from Apache

Enable the below configuration in your virtual host

<LocationMatch "^/oauth/token$">
   ForceType application/txt
</LocationMatch>